Commit e9974390 authored by Manoj M J's avatar Manoj M J Committed by Imre Farkas

Allow new user registrations in `blocked_pending_approval` state

This change allows newly registered users to be put into the
`blocked_pending_approval` state if the instance admin
has enabled the concerned setting.
parent fec8d477
...@@ -6,6 +6,8 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -6,6 +6,8 @@ class RegistrationsController < Devise::RegistrationsController
include RecaptchaExperimentHelper include RecaptchaExperimentHelper
include InvisibleCaptchaOnSignup include InvisibleCaptchaOnSignup
BLOCKED_PENDING_APPROVAL_STATE = 'blocked_pending_approval'.freeze
layout :choose_layout layout :choose_layout
skip_before_action :required_signup_info, :check_two_factor_requirement, only: [:welcome, :update_registration] skip_before_action :required_signup_info, :check_two_factor_requirement, only: [:welcome, :update_registration]
...@@ -28,6 +30,7 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -28,6 +30,7 @@ class RegistrationsController < Devise::RegistrationsController
end end
def create def create
set_user_state
accept_pending_invitations accept_pending_invitations
super do |new_user| super do |new_user|
...@@ -37,9 +40,9 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -37,9 +40,9 @@ class RegistrationsController < Devise::RegistrationsController
yield new_user if block_given? yield new_user if block_given?
end end
# Devise sets a flash message on `create` for a successful signup, # Devise sets a flash message on both successful & failed signups,
# which we don't want to show. # but we only want to show a message if the resource is blocked by a pending approval.
flash[:notice] = nil flash[:notice] = nil unless resource.blocked_pending_approval?
rescue Gitlab::Access::AccessDeniedError rescue Gitlab::Access::AccessDeniedError
redirect_to(new_user_session_path) redirect_to(new_user_session_path)
end end
...@@ -121,6 +124,8 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -121,6 +124,8 @@ class RegistrationsController < Devise::RegistrationsController
def after_inactive_sign_up_path_for(resource) def after_inactive_sign_up_path_for(resource)
Gitlab::AppLogger.info(user_created_message) Gitlab::AppLogger.info(user_created_message)
return new_user_session_path(anchor: 'login-pane') if resource.blocked_pending_approval?
Feature.enabled?(:soft_email_confirmation) ? dashboard_projects_path : users_almost_there_path Feature.enabled?(:soft_email_confirmation) ? dashboard_projects_path : users_almost_there_path
end end
...@@ -235,6 +240,13 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -235,6 +240,13 @@ class RegistrationsController < Devise::RegistrationsController
!helpers.in_oauth_flow? && !helpers.in_oauth_flow? &&
!helpers.in_trial_flow? !helpers.in_trial_flow?
end end
def set_user_state
return unless Feature.enabled?(:admin_approval_for_new_user_signups)
return unless Gitlab::CurrentSettings.require_admin_approval_after_user_signup
resource.state = BLOCKED_PENDING_APPROVAL_STATE
end
end end
RegistrationsController.prepend_if_ee('EE::RegistrationsController') RegistrationsController.prepend_if_ee('EE::RegistrationsController')
...@@ -45,6 +45,7 @@ en: ...@@ -45,6 +45,7 @@ en:
signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
signed_up_but_blocked_pending_approval: "You have signed up successfully. However, we could not sign you in because your account is awaiting approval from your administrator."
update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address."
updated: "Your account has been updated successfully." updated: "Your account has been updated successfully."
sessions: sessions:
......
...@@ -83,19 +83,117 @@ RSpec.describe RegistrationsController do ...@@ -83,19 +83,117 @@ RSpec.describe RegistrationsController do
let(:base_user_params) { { name: 'new_user', username: 'new_username', email: 'new@user.com', password: 'Any_password' } } let(:base_user_params) { { name: 'new_user', username: 'new_username', email: 'new@user.com', password: 'Any_password' } }
let(:user_params) { { user: base_user_params } } let(:user_params) { { user: base_user_params } }
context 'email confirmation' do subject { post(:create, params: user_params) }
around do |example|
perform_enqueued_jobs do context '`blocked_pending_approval` state' do
example.run context 'when the feature is enabled' do
before do
stub_feature_flags(admin_approval_for_new_user_signups: true)
end
context 'when the `require_admin_approval_after_user_signup` setting is turned on' do
before do
stub_application_setting(require_admin_approval_after_user_signup: true)
end
it 'signs up the user in `blocked_pending_approval` state' do
subject
created_user = User.find_by(email: 'new@user.com')
expect(created_user).to be_present
expect(created_user.blocked_pending_approval?).to eq(true)
end
it 'does not log in the user after sign up' do
subject
expect(controller.current_user).to be_nil
end
it 'shows flash message after signing up' do
subject
expect(response).to redirect_to(new_user_session_path(anchor: 'login-pane'))
expect(flash[:notice])
.to eq('You have signed up successfully. However, we could not sign you in because your account is awaiting approval from your administrator.')
end
context 'email confirmation' do
context 'when `send_user_confirmation_email` is true' do
before do
stub_application_setting(send_user_confirmation_email: true)
end
it 'does not send a confirmation email' do
expect { subject }
.not_to have_enqueued_mail(DeviseMailer, :confirmation_instructions)
end
end
end
end
context 'when the `require_admin_approval_after_user_signup` setting is turned off' do
before do
stub_application_setting(require_admin_approval_after_user_signup: false)
end
it 'signs up the user in `active` state' do
subject
created_user = User.find_by(email: 'new@user.com')
expect(created_user).to be_present
expect(created_user.active?).to eq(true)
end
it 'does not show any flash message after signing up' do
subject
expect(flash[:notice]).to be_nil
end
context 'email confirmation' do
context 'when `send_user_confirmation_email` is true' do
before do
stub_application_setting(send_user_confirmation_email: true)
end
it 'sends a confirmation email' do
expect { subject }
.to have_enqueued_mail(DeviseMailer, :confirmation_instructions)
end
end
end
end
end
context 'when the feature is disabled' do
before do
stub_feature_flags(admin_approval_for_new_user_signups: false)
end
context 'when the `require_admin_approval_after_user_signup` setting is turned on' do
before do
stub_application_setting(require_admin_approval_after_user_signup: true)
end
it 'signs up the user in `active` state' do
subject
created_user = User.find_by(email: 'new@user.com')
expect(created_user).to be_present
expect(created_user.active?).to eq(true)
end
end end
end end
end
context 'email confirmation' do
context 'when send_user_confirmation_email is false' do context 'when send_user_confirmation_email is false' do
it 'signs the user in' do it 'signs the user in' do
stub_application_setting(send_user_confirmation_email: false) stub_application_setting(send_user_confirmation_email: false)
expect { post(:create, params: user_params) }.not_to change { ActionMailer::Base.deliveries.size } expect { subject }.not_to have_enqueued_mail(DeviseMailer, :confirmation_instructions)
expect(subject.current_user).not_to be_nil expect(controller.current_user).not_to be_nil
end end
end end
...@@ -111,10 +209,8 @@ RSpec.describe RegistrationsController do ...@@ -111,10 +209,8 @@ RSpec.describe RegistrationsController do
end end
it 'does not authenticate the user and sends a confirmation email' do it 'does not authenticate the user and sends a confirmation email' do
post(:create, params: user_params) expect { subject }.to have_enqueued_mail(DeviseMailer, :confirmation_instructions)
expect(controller.current_user).to be_nil
expect(ActionMailer::Base.deliveries.last.to.first).to eq(user_params[:user][:email])
expect(subject.current_user).to be_nil
end end
end end
...@@ -125,9 +221,8 @@ RSpec.describe RegistrationsController do ...@@ -125,9 +221,8 @@ RSpec.describe RegistrationsController do
end end
it 'authenticates the user and sends a confirmation email' do it 'authenticates the user and sends a confirmation email' do
post(:create, params: user_params) expect { subject }.to have_enqueued_mail(DeviseMailer, :confirmation_instructions)
expect(controller.current_user).to be_present
expect(ActionMailer::Base.deliveries.last.to.first).to eq(user_params[:user][:email])
expect(response).to redirect_to(users_sign_up_welcome_path) expect(response).to redirect_to(users_sign_up_welcome_path)
end end
end end
...@@ -137,7 +232,7 @@ RSpec.describe RegistrationsController do ...@@ -137,7 +232,7 @@ RSpec.describe RegistrationsController do
it 'redirects to sign_in' do it 'redirects to sign_in' do
stub_application_setting(signup_enabled: false) stub_application_setting(signup_enabled: false)
expect { post(:create, params: user_params) }.not_to change(User, :count) expect { subject }.not_to change(User, :count)
expect(response).to redirect_to(new_user_session_path) expect(response).to redirect_to(new_user_session_path)
end end
end end
...@@ -158,14 +253,14 @@ RSpec.describe RegistrationsController do ...@@ -158,14 +253,14 @@ RSpec.describe RegistrationsController do
it 'displays an error when the reCAPTCHA is not solved' do it 'displays an error when the reCAPTCHA is not solved' do
allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false) allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
post(:create, params: user_params) subject
expect(response).to render_template(:new) expect(response).to render_template(:new)
expect(flash[:alert]).to eq(_('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')) expect(flash[:alert]).to eq(_('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'))
end end
it 'redirects to the welcome page when the reCAPTCHA is solved' do it 'redirects to the welcome page when the reCAPTCHA is solved' do
post(:create, params: user_params) subject
expect(response).to redirect_to(users_sign_up_welcome_path) expect(response).to redirect_to(users_sign_up_welcome_path)
end end
...@@ -264,7 +359,7 @@ RSpec.describe RegistrationsController do ...@@ -264,7 +359,7 @@ RSpec.describe RegistrationsController do
end end
it 'redirects back with a notice when the checkbox was not checked' do it 'redirects back with a notice when the checkbox was not checked' do
post :create, params: user_params subject
expect(flash[:alert]).to eq(_('You must accept our Terms of Service and privacy policy in order to register an account')) expect(flash[:alert]).to eq(_('You must accept our Terms of Service and privacy policy in order to register an account'))
end end
...@@ -272,8 +367,8 @@ RSpec.describe RegistrationsController do ...@@ -272,8 +367,8 @@ RSpec.describe RegistrationsController do
it 'creates the user with agreement when terms are accepted' do it 'creates the user with agreement when terms are accepted' do
post :create, params: user_params.merge(terms_opt_in: '1') post :create, params: user_params.merge(terms_opt_in: '1')
expect(subject.current_user).to be_present expect(controller.current_user).to be_present
expect(subject.current_user.terms_accepted?).to be(true) expect(controller.current_user.terms_accepted?).to be(true)
end end
context 'when experiment terms_opt_in is enabled' do context 'when experiment terms_opt_in is enabled' do
...@@ -287,10 +382,10 @@ RSpec.describe RegistrationsController do ...@@ -287,10 +382,10 @@ RSpec.describe RegistrationsController do
end end
it 'creates the user with accepted terms' do it 'creates the user with accepted terms' do
post :create, params: user_params subject
expect(subject.current_user).to be_present expect(controller.current_user).to be_present
expect(subject.current_user.terms_accepted?).to be(true) expect(controller.current_user.terms_accepted?).to be(true)
end end
end end
...@@ -300,7 +395,7 @@ RSpec.describe RegistrationsController do ...@@ -300,7 +395,7 @@ RSpec.describe RegistrationsController do
end end
it 'creates the user without accepted terms' do it 'creates the user without accepted terms' do
post :create, params: user_params subject
expect(flash[:alert]).to eq(_('You must accept our Terms of Service and privacy policy in order to register an account')) expect(flash[:alert]).to eq(_('You must accept our Terms of Service and privacy policy in order to register an account'))
end end
...@@ -310,8 +405,6 @@ RSpec.describe RegistrationsController do ...@@ -310,8 +405,6 @@ RSpec.describe RegistrationsController do
describe 'tracking data' do describe 'tracking data' do
context 'with sign up flow and terms_opt_in experiment being enabled' do context 'with sign up flow and terms_opt_in experiment being enabled' do
subject { post :create, params: user_params }
before do before do
stub_experiment(signup_flow: true, terms_opt_in: true) stub_experiment(signup_flow: true, terms_opt_in: true)
end end
...@@ -361,13 +454,13 @@ RSpec.describe RegistrationsController do ...@@ -361,13 +454,13 @@ RSpec.describe RegistrationsController do
it "logs a 'User Created' message" do it "logs a 'User Created' message" do
expect(Gitlab::AppLogger).to receive(:info).with(/\AUser Created: username=new_username email=new@user.com.+\z/).and_call_original expect(Gitlab::AppLogger).to receive(:info).with(/\AUser Created: username=new_username email=new@user.com.+\z/).and_call_original
post(:create, params: user_params) subject
end end
it 'handles when params are new_user' do it 'handles when params are new_user' do
post(:create, params: { new_user: base_user_params }) post(:create, params: { new_user: base_user_params })
expect(subject.current_user).not_to be_nil expect(controller.current_user).not_to be_nil
end end
context 'with the experimental signup flow enabled and the user is part of the experimental group' do context 'with the experimental signup flow enabled and the user is part of the experimental group' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment